Categories: "General"

2017-10-13

We have seen many of those by now. Starting with old ones like FIPS 140, and concluding with more recent additions as the NIST CSF (Cyber Security Framework). The question is: are whose worth my time? What are they good for? Do we need to adhere to them? In a nutshell, I think they have their value, and need to be consulted, but not worshiped.

2014-09-05

This video demonstrates how an IR camera, of the type that can be bought for a reasonable price and attached to a smart-phone, can be used to capture a PIN that was previously entered on a PIN pad, by analyzing a thermal image of the pad after the fact. When the human finger presses a non-metallic button, it leaves a thermal residue that can be detected on a thermal image, even if taken many seconds later.

2014-04-03

When people discuss Bitcoin, one of its properties that is often considered is its presumable anonymity. In this respect, it is often compared to cash. However, it shall be recognized and understood that Bitcoin is not as anonymous as cash; far from it, actually. Its anonymity relies on the concept of pseudonyms, which delivers some (unjustified) sense of anonymity, but very weak anonymity in practice.

2013-12-28

I have just finished reading Little Brother by Cory Doctorow. This book presents the story of a typical but tech savvy teenager who falls victim to harassment by the Department of Homeland Security and the police state, where every citizen is constantly tracked and monitored as a potential terrorist. The story is fictitious, of course, but those who follow the reaction of some nations to the terrorism threat and the ever increasing amplitude and sophistication of wholesale surveillance, cannot miss that while the story is factually fictitious, it is not at all implausible.

2013-09-13

There is an ongoing debate on the need for new regulations that protect individuals' personal data. Regulation is said to be required to protect the personal data of citizens, consumers, patients, etc., both against corporate service providers as well as against governments.

There is a growing concern about the implications of the data collection habits of social network operators, such as Facebook, as well as other service providers. Even those individuals who claim to not see any tangible risk behind the massive collection of data on themselves by service providers, still feel unease with the amount of data available on them, and on which they have no control.

On the state side, knowing that your government may monitor every single email and phone call reminds of George Orwell's book "nineteen eighty-four". It is largely agreed that this practice, if not outright eliminated, shall at least be better controlled.

This essay discusses the two possible domains for such better control: technology and regulation, arguing that the former is tremendously more effective than the latter.